ForgotPasswordAction.java

/*
 * This software was designed and created by Jason Carroll.
 * Copyright (c) 2002, 2003, 2004 Jason Carroll.
 * The author can be reached at jcarroll@cowsultants.com
 * ITracker website: http://www.cowsultants.com
 * ITracker forums: http://www.cowsultants.com/phpBB/index.php
 *
 * This program is free software; you can redistribute it and/or modify
 * it only under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 */

package org.itracker.web.actions.user;

import org.apache.commons.beanutils.PropertyUtils;
import org.apache.log4j.Logger;
import org.apache.struts.action.*;
import org.itracker.core.resources.ITrackerResources;
import org.itracker.model.User;
import org.itracker.model.util.UserUtilities;
import org.itracker.services.ConfigurationService;
import org.itracker.services.UserService;
import org.itracker.PasswordException;
import org.itracker.web.actions.base.ItrackerBaseAction;
import org.itracker.web.util.ServletContextUtils;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Locale;

public class ForgotPasswordAction extends ItrackerBaseAction {
    private static final Logger log = Logger.getLogger(ForgotPasswordAction.class);

    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        ActionMessages errors = new ActionMessages();

        try {
            ConfigurationService configurationService = ServletContextUtils.getItrackerServices().getConfigurationService();
            UserService userService = ServletContextUtils.getItrackerServices().getUserService();

            if (!configurationService.getBooleanProperty("allow_forgot_password", true)) {
                throw new PasswordException(PasswordException.FEATURE_DISABLED);
            }

            String login = (String) PropertyUtils.getSimpleProperty(form, "login");
            String lastName = (String) PropertyUtils.getSimpleProperty(form, "lastName");

            if (login != null && lastName != null && !login.equals("") && !lastName.equals("")) {
                User user = null;
                Locale locale = null;
                try {
                    user = userService.getUserByLogin(login);
                    if (user == null) {
                        throw new PasswordException(PasswordException.UNKNOWN_USER);
                    }
                    try {
                        locale = ITrackerResources.getLocale(user.getPreferences().getUserLocale());
                    } catch (RuntimeException e) {
                        locale = ITrackerResources.getLocale();
                    }

                    if (user.getLastName() == null || !user.getLastName().equalsIgnoreCase(lastName)) {
                        throw new PasswordException(PasswordException.INVALID_NAME);
                    }
                    if (user.getEmail() == null || user.getEmail().equals("")) {
                        throw new PasswordException(PasswordException.INVALID_EMAIL);
                    }
                    if (user.getStatus() != UserUtilities.STATUS_ACTIVE) {
                        throw new PasswordException(PasswordException.INACTIVE_ACCOUNT);
                    }

                    if (log.isDebugEnabled()) {
                        log.debug("ForgotPasswordHandler found matching user: " + user.getFirstName() + " " + user.getLastName() + "(" + user.getLogin() + ")");
                    }

                    String subject = ITrackerResources.getString("itracker.email.forgotpass.subject", locale);
                    StringBuffer msgText = new StringBuffer();
                    msgText.append(ITrackerResources.getString("itracker.email.forgotpass.body", locale));
                    String newPass = userService.generateUserPassword(user);
                    userService.updateUser(user);
                    msgText.append(ITrackerResources.getString("itracker.web.attr.password", locale)).append(": ").append(newPass);

                    ServletContextUtils.getItrackerServices().getEmailService()
                            .sendEmail(user.getEmail(), subject, msgText.toString());
                } catch (PasswordException pe) {
                    if (log.isDebugEnabled()) {
                        log.debug("Password Exception for user " + login + ". Type = " + pe.getType());
                    }
                    if (pe.getType() == PasswordException.INVALID_NAME) {
                        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.lastname"));
                    } else if (pe.getType() == PasswordException.INVALID_EMAIL) {
                        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.invalidemail"));
                    } else if (pe.getType() == PasswordException.INACTIVE_ACCOUNT) {
                        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.inactive"));
                    } else if (pe.getType() == PasswordException.UNKNOWN_USER) {
                        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.unknown"));
                    }
                }
            }
        } catch (PasswordException pe) {
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.notenabled"));
            log.error("Forgot Password function has been disabled.", pe);
        } catch (Exception e) {
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.system"));
            log.error("Error during password retrieval.", e);
        }

        if (!errors.isEmpty()) {
            saveErrors(request, errors);
            return (mapping.findForward("forgotpassword"));
        }

        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.message.forgotpass"));
        saveErrors(request, errors);
        return mapping.findForward("success");
    }

}